Virtual WAN Branch IPsec connectivity automation

This article provides information on Virtual WAN partners for connectivity into a Virtual WAN hub.

There are two types of offerings that make connecting to Azure easier:

  • Network Virtual Appliances (NVAs) deployed in a Virtual WAN hub: Customers can deploy Network Virtual Appliances directly into a Virtual WAN hub. This solution is jointly managed by Microsoft Azure and third-party Network Virtual Appliance solution providers. To learn more about NVAs deployed in a Virtual WAN hub, see About NVAs in a Virtual WAN hub.
  • Branch IPsec connectivity automation: Customers can automatically configure and connect their branch devices to the Azure Virtual WAN Site-to-site VPN gateway using IPsec tunnels. These configurations are typically set up in the device-management UI (or equivalent).

Partners with integrated virtual hub offerings

Some partners offer Network Virtual Appliances (NVAs) that can be deployed directly into the Azure Virtual WAN hub through a solution that is jointly managed by Microsoft Azure and third-party Network Virtual Appliance solution providers.

When a Network Virtual Appliance is deployed into a Virtual WAN hub, it can serve as a third-party gateway with various functionalities. It could serve as an SD-WAN gateway, Firewall or a combination of both. For more information about deploying an NVA into a Virtual WAN hub and available partners, see About NVAs in a Virtual WAN hub.

Branch IPsec connectivity automation from partners

Devices that connect to Azure Virtual WAN have built-in automation to connect. This is typically set up in the device-management UI (or equivalent), which sets up the connectivity and configuration management between the VPN branch device to an Azure Virtual hub VPN endpoint (VPN gateway).

The following high-level automation is set up in the device console/management center:

  • Appropriate permissions for the device to access Azure Virtual WAN Resource Group.
  • Uploading of Branch Device into Azure Virtual WAN.
  • Automatic download of Azure connectivity information.
  • Configuration of on-premises branch device.

Some connectivity partners may extend the automation to include creating the Azure Virtual hub VNet and VPN gateway. If you want to know more about automation, see Automation guidelines for Virtual WAN partners.

Branch IPsec connectivity partners

You can check the links in this section for more information about services offered by partners. If your branch device partner isn't listed in the section below, have your branch device provider contact us. They can contact us by sending an email to azurevirtualwan@microsoft.com.

Partners Configuration/How-to/Deployment Guide
Barracuda Networks Barracuda CloudGen Firewall: Azure Virtual WAN
Check Point Check Point for the Microsoft Azure Virtual WAN Quick Start Guide
Cisco Meraki Azure Virtual WAN Cisco Meraki Deployment Guide and vMX and Azure vWAN
Citrix Using Citrix SD-WAN to connect to Microsoft Azure Virtual WAN
CloudGenix CloudGenix Azure Virtual WAN CloudBlade Deployment Guide
Fortinet FortiGate and Microsoft Azure Virtual WAN Integration deployment guide,Routing Scenario Blog
HPE Aruba Aruba SD-WAN and Microsoft Azure Virtual WAN Deployment Guide
NetFoundry Netfoundry Support Hub: Azure Virtual WAN
Nuage/Nokia Nuage and Azure Virtual WAN Deployment Guide
Open Systems Open Systems and Azure Virtual WAN Deployment Guide
Palo Alto Networks Palo Alto Networks Azure Virtual WAN Deployment Guide
Riverbed Technology Azure Virtual WAN & SteelConnect EX
Silver-Peak EdgeConnect and Microsoft Azure Virtual WAN Integration Guide
VMware SD-WAN Azure Virtual WAN VMware SD-WAN Deployment Guide
Versa Configuring Versa SD-WAN and Microsoft Azure vWAN (Available for registered customers)
F5 Azure Virtual WAN F5 Deployment Guide

* Direct link unavailable. Contact partner company for support.

The following partners are slated on our roadmap based on a terms sheet signed between the companies indicating the scope of work to automate IPsec connectivity between the partner device and Azure Virtual WAN VPN gateways: 128 Technologies, Arista, F5 Networks, Oracle SD-WAN (Talari), and SharpLink.

Next steps